diff --git a/src/soc/amd/cezanne/psp_verstage/chipset.c b/src/soc/amd/cezanne/psp_verstage/chipset.c
index 7ad21490f8..f680456b1a 100644
--- a/src/soc/amd/cezanne/psp_verstage/chipset.c
+++ b/src/soc/amd/cezanne/psp_verstage/chipset.c
@@ -1,12 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 
-/* This file contains stub for not-yet-implemented svc in cezanne PSP.
- * So this file will and should be removed eventually when psp_verstage works
- * correctly in cezanne.
- */
-
 #include <bl_uapp/bl_syscall_public.h>
-#include <console/console.h>
 #include <psp_verstage.h>
 
 uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset)
@@ -24,6 +18,21 @@ uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table)
 	return ef_table->bios3_entry;
 }
 
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op)
+{
+	if (hash_alg == VB2_HASH_SHA256) {
+		sha_op->SHAType = SHA_TYPE_256;
+		sha_op->DigestLen = 32;
+	} else if (hash_alg == VB2_HASH_SHA384) {
+		sha_op->SHAType = SHA_TYPE_384;
+		sha_op->DigestLen = 48;
+	} else {
+		return -1;
+	}
+	return 0;
+}
+
 
 /* Functions below are stub functions for not-yet-implemented PSP features.
  * These functions should be replaced with proper implementations later.
diff --git a/src/soc/amd/cezanne/psp_verstage/svc.c b/src/soc/amd/cezanne/psp_verstage/svc.c
index bd4bec5798..e0f1b52d60 100644
--- a/src/soc/amd/cezanne/psp_verstage/svc.c
+++ b/src/soc/amd/cezanne/psp_verstage/svc.c
@@ -112,3 +112,17 @@ uint32_t svc_reset_system(enum reset_type reset_type)
 	SVC_CALL1(SVC_RESET_SYSTEM, reset_type, retval);
 	return retval;
 }
+
+uint32_t svc_crypto_sha(struct sha_generic_data *sha_op, enum sha_operation_mode sha_mode)
+{
+	uint32_t retval = 0;
+	SVC_CALL2(SVC_SHA, sha_op, sha_mode, retval);
+	return retval;
+}
+
+uint32_t svc_modexp(struct mod_exp_params *mod_exp_param)
+{
+	uint32_t retval = 0;
+	SVC_CALL1(SVC_MODEXP, mod_exp_param, retval);
+	return retval;
+}
diff --git a/src/soc/amd/common/psp_verstage/Makefile.inc b/src/soc/amd/common/psp_verstage/Makefile.inc
index 678bc45f0f..a913a5ba56 100644
--- a/src/soc/amd/common/psp_verstage/Makefile.inc
+++ b/src/soc/amd/common/psp_verstage/Makefile.inc
@@ -16,10 +16,7 @@ verstage-y += psp_verstage.c
 verstage-y += psp.c
 verstage-y += reset.c
 verstage-y += timer.c
-ifneq ($(CONFIG_SOC_AMD_CEZANNE),y)
-# cezanne PSP does not support these functions yet (b/187906425)
 verstage-y += vboot_crypto.c
-endif
 
 $(obj)/psp_verstage.bin: $(objcbfs)/verstage.elf
 	$(OBJCOPY_verstage) -O binary $^ $@
diff --git a/src/soc/amd/common/psp_verstage/include/psp_verstage.h b/src/soc/amd/common/psp_verstage/include/psp_verstage.h
index 7bfc8b77ee..be6b23dfdd 100644
--- a/src/soc/amd/common/psp_verstage/include/psp_verstage.h
+++ b/src/soc/amd/common/psp_verstage/include/psp_verstage.h
@@ -3,6 +3,8 @@
 #ifndef PSP_VERSTAGE_H
 #define PSP_VERSTAGE_H
 
+#include <2crypto.h>
+#include <bl_uapp/bl_syscall_public.h>
 #include <stdint.h>
 #include <soc/psp_transfer.h>
 
@@ -62,5 +64,7 @@ uint32_t get_max_workbuf_size(uint32_t *size);
 uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset);
 uint32_t save_uapp_data(void *address, uint32_t size);
 uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table);
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op);
 
 #endif /* PSP_VERSTAGE_H */
diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c
index 3f7151ac11..581d92485f 100644
--- a/src/soc/amd/common/psp_verstage/vboot_crypto.c
+++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c
@@ -21,13 +21,7 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_
 
 	sha_op_size_remaining = data_size;
 
-	if (hash_alg == VB2_HASH_SHA256) {
-		sha_op.SHAType = SHA_TYPE_256;
-		sha_op.DigestLen = 32;
-	} else if (hash_alg == VB2_HASH_SHA512) {
-		sha_op.SHAType = SHA_TYPE_512;
-		sha_op.DigestLen = 64;
-	} else {
+	if (platform_set_sha_op(hash_alg, &sha_op) != 0) {
 		printk(BIOS_INFO, "Unsupported hash_alg %d!\n", hash_alg);
 		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
 	}
diff --git a/src/soc/amd/picasso/psp_verstage/chipset.c b/src/soc/amd/picasso/psp_verstage/chipset.c
index b7acbcd282..83f956b236 100644
--- a/src/soc/amd/picasso/psp_verstage/chipset.c
+++ b/src/soc/amd/picasso/psp_verstage/chipset.c
@@ -23,3 +23,18 @@ uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table)
 {
 	return ef_table->bios1_entry;
 }
+
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op)
+{
+	if (hash_alg == VB2_HASH_SHA256) {
+		sha_op->SHAType = SHA_TYPE_256;
+		sha_op->DigestLen = 32;
+	} else if (hash_alg == VB2_HASH_SHA512) {
+		sha_op->SHAType = SHA_TYPE_512;
+		sha_op->DigestLen = 64;
+	} else {
+		return -1;
+	}
+	return 0;
+}
diff --git a/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h b/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
index 75458c3025..61c9e5f0a8 100644
--- a/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
+++ b/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
@@ -35,6 +35,7 @@
 #define SVC_EXIT                            0x00
 #define SVC_ENTER                           0x02
 #define SVC_DEBUG_PRINT                     0x06
+#define SVC_MODEXP                          0x0C
 #define SVC_DEBUG_PRINT_EX                  0x1A
 #define SVC_GET_BOOT_MODE                   0x1C
 #define SVC_DELAY_IN_MICRO_SECONDS          0x2F
@@ -47,6 +48,17 @@
 #define SVC_COPY_DATA_FROM_UAPP             0x66
 #define SVC_RESET_SYSTEM                    0x67
 #define SVC_READ_TIMER_VAL                  0x68
+#define SVC_SHA                             0x69
+
+struct mod_exp_params {
+	char		*pExponent;	// Exponent address
+	unsigned int	ExpSize;	// Exponent size in bytes
+	char		*pModulus;	// Modulus address
+	unsigned int	ModulusSize;	// Modulus size in bytes
+	char		*pMessage;	// Message address, same size as ModulusSize
+	char		*pOutput;	// Output address; Must be big enough to hold the
+					// data of ModulusSize
+};
 
 enum psp_boot_mode {
 	PSP_BOOT_MODE_S0 = 0x0,
@@ -97,6 +109,31 @@ enum psp_timer_type {
 	PSP_TIMER_TYPE_MAX        = 2,
 };
 
+/* SHA types same as ccp SHA type in crypto.h */
+enum sha_type {
+	SHA_TYPE_256,
+	SHA_TYPE_384
+};
+
+/* All SHA operation supported */
+enum sha_operation_mode {
+	SHA_GENERIC
+};
+
+/* SHA Supported Data Structures */
+struct sha_generic_data {
+	enum sha_type	SHAType;
+	uint8_t		*Data;
+	uint32_t	DataLen;
+	uint32_t	DataMemType;
+	uint8_t		*Digest;
+	uint32_t	DigestLen;
+	uint8_t		*IntermediateDigest;
+	uint32_t	IntermediateMsgLen;
+	uint32_t	Init;
+	uint32_t	Eom;
+};
+
 /*
  * Exit to the main Boot Loader. This does not return back to user application.
  *
@@ -248,6 +285,21 @@ uint32_t svc_reset_system(enum reset_type reset_type);
  */
 uint32_t svc_write_postcode(uint32_t postcode);
 
+/*
+ * Generic SHA call for SHA, SHA_OTP, SHA_HMAC
+ */
+uint32_t svc_crypto_sha(struct sha_generic_data *sha_op, enum sha_operation_mode sha_mode);
+
+/*
+ * Calculate ModEx
+ *
+ * Parameters:
+ *       mod_exp_param - ModExp parameters
+ *
+ *   Return value: BL_OK or error code
+ */
+uint32_t svc_modexp(struct mod_exp_params *mod_exp_param);
+
 /* C entry point for the Bootloader Userspace Application */
 void Main(void);